EU Cyber Security Directive

Mark Rogers addresses growth and security and how a proposed EU Cyber Security Directive focussing on network and information security (NIS), must get the balance right.

EU Cyber Security Directive – a sledgehammer to crack a coconut?

As usual, a proposed EU Cyber Security Directive, drafted by the European Commission, looks like being a sledgehammer to crack if not a nut, then perhaps a coconut. Likewise, the reporting of it has been the usual mix of fear, uncertainty and doubt. On the one hand it is going to protect the consumer and the business user of IT services, simultaneously forcing massive costs on IT service providers – and depending what you read, force some out of business and block entry to the market for many others. The many others are noted to be the innovative smaller service providers which have some start up seed funding but not the deep pockets of Google or Amazon.

The legislation is likely to end up somewhere in between the two; I hope.

Legislators around the world have failed to keep pace with technology, particularly cloud and internet services. It’s not a surprise of course; governments can barely keep pace with anything in the private sector because in part it is their job not to try. Innovation comes from the private sector, fitting that innovation into models of governance comes some time later.

It would be a shame however if this legislation takes an approach of ‘lock everything down and throw away the key’ in terms of the innovation that is changing business, changing societies, and changing the world.

As an accountant, the word balance is an important one to me. My balance sheet shows my current assets and liabilities. The one rule of the balance sheet is that it does just that – it balances.

Businesses have to also balance the need for agility, flexibility, innovation, growth, and the risks of creating an environment where these fundamentals can exist.

When an investor first provides capital investment to a start-up they take a risk. They hope it’s a balanced risk and that the business plan they are putting money behind has been thoroughly constructed. But they know for growth of their capital investment to happen some, risk has to be taken. Without risk there is no growth.

IT is now a fundamental growth strategy for businesses across the EU. It has to be, because IT investment is a fundamental growth strategy in Asia, Africa and the Americas. These markets see IT as core to their global business growth strategies.

The EU Cyber Security Directive will therefore need to balance the growth potential of IT with the risks of those IT systems being run badly by the company using them or the service provider offering services across them.

But it’s subtler than that. Because the EU needs to balance the possible risks balanced against the likelihood that data will be lost, or exposed, or stolen. It has to take a calculated risk because, if it thinks it will close down those risks for EU businesses in isolation of the rest of the world, it could well be legislating simply to close down the choice of innovative IT services and solutions available to European businesses.

In San Jose or Sao Paulo or Shanghai start-ups may well choose to create innovative products which do not meet European legislative standards because the 4 billion consumers and businesses who do not live in Europe are seen as a good enough market to sell products to.

The EU is doing the right thing by tightening up the rules on security because it and other governments have been to slow to react in the past.

But, it must balance that with an understanding of European businesses’ need to use innovative products and services, especially cloud and internet based services, if they are to compete with their global counterparts.

It is going to be a tricky tightrope to balance on, but the EU has to think not simply outside of the box but outside of its own borders.

There are very few European Microsofts, Googles, Amazons and Skypes. If the EU get this legislation wrong there is a good chance that it won’t be these or their contemporaries that suffer; it could be the European consumers and business customers who use their products and services to fuel economic and business growth.

About Mark Rogers

Mark Rogers is CEO of Logicalis Group since March 1st 2015. He joined Logicalis in 2003 as Finance Director for Logicalis UK, and in 2004 he became Chief Financial Officer, European Operations. Since March 2007, he has taken on the role of Chief Operating Officer for Logicalis Group and in March 2014, Mark was appointed President and COO of Logicalis Group.

Mark has extensive experience in the technology and service sectors both in the UK and internationally. He spent 20 years at Racal Electronics/Thales of which 13 years were at Finance Director level within divisions providing Managed Network Services, Telecoms and Survey & Positioning Services. Whilst at Thales he was also Chairman of Citylink Telecommunications, a joint venture company which had secured a £1.2 billion, 20 year PFI contract with London Underground. Also, he has significant M&A experience including the sale of Racal Telecom to Global Crossing for £1 billion as well as experience in the acquisition and integration of smaller businesses.

He started his finance career with Revlon where he qualified as a Chartered Management Accountant.

In the third of a nine-part series drawing on the Logicalis Global CIO study, Chris Gabriel explains why apps are central to digital transformation. The statement ‘Every company is a software company’ has been on repeat over the last few years. When it was first uttered it was more of a future-gazing, stake-in-the-ground pronouncement – and […]

Bob Bailkoski, Logicalis CFO, looks at what CFOs want from CIOs and how they can deliver. Digital technologies, such as big data, analytics, mobile and cloud, are now more closely connected to the financial health of organisations than ever before. It is vital, therefore, that IT and finance leaders get along. However, in many organisations a […]

In this, the second post in a nine-part series, drawing on the Logicalis Global CIO study, Logicalis CEO Mark Rogers assesses how digital disruption is changing the way businesses procure, manage and consume technology – as well as what that means for CIOs and their teams. He looks in particular at a previous symptom of digital transformation […]

We recently announced at Logicalis that we are putting together a team to explore the immediate and future impact of Software Defined Networking. But to the non-technical CXO, what is an SDN? Gary Thomas explains. For the average technically minded executive many new concepts are understood by a form of osmosis coupled with a core […]

Fred Kouwenberg, Sales Director at Logicalis SMC looks at a key challenge today’s agile organisations pose for operations teams – deploying new releases to production immediately after development and testing is completed – arguing that an automatic and transparent process, agile deployment, is required if applications are to be delivered successfully. The highly competitive nature […]

A research white paper published today by Ovum and commissioned by Logicalis, reveals some interesting statistics about the willingness to use, and readiness to deploy, BYOD in the workplace. Ovum’s multi-market Q4 2012 BYOD survey gathered responses from 3,796 consumers who work full-time in organisations with more than 50 employees across 17 different countries. Respondents […]

Chris Meager looks at Corporate Owned, Personally Enabled (COPE), a BYOD model that may suit organisations who require a higher degree of predictability over their network of devices, with the advantages of allowing users the benefits of integrating personal and work use on a single smart device. Any straw poll on the views towards BYOD […]

The productivity benefits of BYOD and enterprise mobility are becoming hard to ignore and corporate adoption is growing, but are businesses getting it right in terms of procedure and policy? Caryn Johnston, Director of Propositions, investigates. BYOD (Bring Your Own Device) use among enterprise employees appears to be growing, according to recent Gartner survey. At […]

Over the past two years we have featured several articles about BYOD. Here is a round up of those posts all aimed at the CIO, CTO and wider C-Level community. Feel free to comment if you have any thoughts about the future of BYOD an mobility. If you want BYOD to work, do the maths […]

BYOD in schools, Chris Gabriel looks at whether allowing school children to BYOD is a good idea or just a faddy notion. There is an argument that the use of technology and new inventions, such as BYOD, “dulls the memory and results in people seeming to know much, while for the most part knowing nothing”. […]